CVE-2022-3485

Published: Dec 12, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD (Secondary)

Description

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.

Affected (2)

Products: Ifm: Moneo Qha210 Firmware, Moneo Qha200 Firmware

Ifm

2 products

Moneo Qha210 Firmware

Moneo Qha200 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ifm Moneo Qha210 Firmware	Up to 1.9.3

Running on/with	Platform Versions
Ifm Moneo Qha210	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ifm Moneo Qha200 Firmware	Up to 1.9.3

Running on/with	Platform Versions
Ifm Moneo Qha200	All versions

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (2)

https://cert.vde.com/en/advisories/VDE-2022-050/

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2022-050/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.